Soso H H

**Name of the Vulnerable Software and Affected Versions** BosClassifieds Classified Ads System version 3.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `cat` parameter in the "index.php" endpoint. **Recommendations** For BosClassifieds Classified Ads System version 3.0, consider restricting access to the `cat` parameter in the "index.php" endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** phpArcadeScript versions 1.0 through 3.0 RC2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `userid` parameter in a "profile" action. **Recommendations** For phpArcadeScript versions 1.0 through 3.0 RC2, avoid using the `userid` parameter in the affected API endpoint until the issue is resolved. Consider restricting access to the "profile" action to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** iTechBids Gold version 6.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `item id` parameter in the "detail.php" endpoint. **Recommendations** For iTechBids Gold version 6.0, consider restricting access to the `item id` parameter in the detail.php endpoint until a patch is available. As a temporary workaround, avoid using the `item id` parameter in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Joomla! Marketplace (com marketplace) versions 1.1.1 through 1.1.1-pl1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `catid` parameter in a "show category" action. **Recommendations** For versions 1.1.1 through 1.1.1-pl1, avoid using the `catid` parameter in the affected API endpoint until the issue is resolved.